FILE PHOTO: Democratic New York Governor Andrew Cuomo holds a news conference after voting at the Presbyterian Church in Mt. Kisco, New York, U.S., November 6, 2018. REUTERS/Caitlin Ochs/File Photo
NEW YORK (Reuters) – New York Governor Andrew Cuomo on Friday ordered two state agencies to investigate a media report that Facebook Inc may be accessing far more personal information from smartphone users, including health and other sensitive data, than had previously been known.
The directive to New York’s Department of State and Department of Financial Services came after The Wall Street Journal said testing showed that Facebook collected personal information from other apps on users’ smartphones within seconds of them entering it.
The WSJ reported that several apps share sensitive user data including weight, blood pressure and ovulation status with Facebook. The report said that the company can access data in some cases even when the user is not signed into Facebook or does not have a Facebook account. In a statement Cuomo called the practice an “outrageous abuse of privacy.” He also called on the relevant federal regulators to become involved.
Facebook did not immediately respond to a Reuters request for comment.
Shares in Facebook took a short-lived hit after the Wall Street Journal report was published, but closed up 1.2 percent. In late January Cuomo along with New York Attorney General Letitia James announced an investigation into Apple Inc’s failure to warn consumers about a FaceTime bug that had let iPhones users listen to conversations of others who have not yet accepted a video call.
Facebook is facing a slew of lawsuits and regulatory inquiries over privacy issues, including a U.S. Federal Trade Commission investigation into disclosures that Facebook inappropriately shared information belonging to 87 million users with British political consulting firm Cambridge Analytica.
New York’s financial services department does not traditionally supervise social media companies directly, but has waded into digital privacy in the financial sector and could have oversight of some app providers that send user data to Facebook.
In March, it is slated to implement the country’s first cybersecurity rules governing state-regulated financial institutions such as banks, insurers and credit monitors.
Last month, DFS said life insurers could use social media posts in underwriting policies, so long as they did not discriminate based on race, colour, national origin, sexual orientation or other protected classes.
Reporting by Jonathan Stempel in New York and Katie Paul in San Francisco; Editing by Leslie Adler and Meredith Mazzilli